All CosmicBytez Labs articles tagged #Newsletter, across news, security advisories, how-to guides, and projects.
Microsoft patches a CVSS 8.8 SharePoint RCE; the Megalodon campaign poisons 5,561 GitHub repos in six hours; 7-Eleven's ShinyHunters breach hits 185,000; and a.
A Microsoft Exchange zero-day is being exploited with no patch in sight; Verizon DBIR 2026 marks a landmark shift — vulnerability exploitation now...
Google confirms the first AI-generated zero-day in the wild; TeamPCP's Mini Shai-Hulud worm hits TanStack, Mistral AI, and Guardrails AI; Instructure pays...
A meta writeup about this site — content pipeline via velite (the contentlayer2 successor), a Resend-backed newsletter wired through a Vercel cron, the IT exam.
ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...
Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...
Storm-1175 runs sub-24-hour Medusa ransomware campaigns using zero-days; the FBI IC3 reports a record $21 billion in US cybercrime losses for 2025; North...
The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...
The European Commission confirms a 350 GB AWS breach; the DarkSword iOS exploit chain goes public on GitHub threatening hundreds of millions of iPhones;...
This week: Russian authorities detain the alleged LeakBase admin weeks after the FBI-led global crackdown on the 147,000-subscriber stolen-data...
This week: the DarkSword iOS exploit chain published on GitHub threatens to democratize nation-state-grade iPhone hacking; CanisterWorm turns the Trivy...
This week: GlassWorm escalates with 72 malicious Open VSX extensions and a GitHub token force-push campaign poisoning hundreds of Python repos; CISA adds...
This week: UNC6426 weaponizes a stale npm supply chain compromise to seize full AWS admin in 72 hours, Cognizant TriZetto leaks 3.4 million patient...
This week: Google reports 90 zero-days exploited in 2025 with enterprise tech at 48%, CISA issues emergency directive for Cisco SD-WAN CVSS 10 zero-day,...
This week: UMMC closes 35 clinics after ransomware, Advantest semiconductor supplier hit, AT&T's 2024 breach resurfaces with 148M decrypted SSNs, Diesel...
New IT offboarding checklist, endpoint security baseline, BGP monitoring guide, ClickFix detection guide, plus AI-powered attacks on FortiGate devices, a...
Chrome's first zero-day of 2026, Ivanti EPMM breaches across EU governments, APT28's record-fast exploit weaponization, and the Cloudflare BGP outage that...
Introducing our Templates & Checklists section with a free 52-item IT onboarding checklist. Plus: security roundup and quick tips.
Critical Exchange and FortiOS zero-days, AI deepfake phishing surge, CISA zero trust mandate, post-quantum cryptography goes live, and the expanding RaaS...